
Key Risks for Internal Audit


Traditionally, adding value and providing insights on the key risks of an organization has not been a key priority of IA. A modern IA function, however, should understand the organization's key risks and proactively identify emerging risks in order to add value to the organization.

This publication will help IA to prioritize areas and will further enhance IA’s role as a strategic and value-adding business partner within the organization.

This article highlights several key risks that IA should consider in the development of an annual strategic audit plan.

In order to select the key risks that matter to the organization, IA:

Is required to have a deep understanding of the business strategy and operations across all levels of the organization.

Must adapt their methodologies to increasingly utilize technology in the execution of their audits. This will provide efficiency gains as well as deeper insights into the business, and further develop the value perception and credibility of IA.

Should provide assurance and, in addition, deliver insights into the business.

The top 16 key risks to focus on for 2017 and 2018 are the following:

Regulatory compliance

IT governance

Tax compliance

Outsourcing

Effectiveness and efficiency of operational processes

Management of third-party relationships and risks

Organization-wide initiatives/projects

Cybersecurity

Ethics and integrity of the organization

Data analytics and mass data usage

Integrated ERM and monitoring

Effective talent management

Mergers, Acquisitions, and Divestitures

Trade Environment and Customs

Alignment of operations to organization’s strategy and objectives

Data protection and privacy

Let’s highlight some of the main emerging risks at this time:

1 Cybersecurity

Important drivers to mitigate cybersecurity risks are:

Preventing reputational damage to the organization, especially with regard to lost customer data.

Ensuring the security of capital, intellectual property and other privileged information.

Internal audit can help by performing a risk assessment of the organization's cybersecurity process with reference to best-practice industry standards and providing process improvement recommendations, or by conducting selected IT penetration testing.

Therefore, IA should have a sound understanding of the organization’s cybersecurity concept and design (including the future IT security strategy), and should have knowledge of good practice in cybersecurity and general IT-related processes.

2 Ethics and integrity of the organization

Drivers of the ethics and integrity risks for the organization are:

Limited effectiveness of existing anti-bribery and corruption compliance activities in eliminating such activities.

Emerging regulatory and compliance risk introduced to the organization by various factors such as organic expansion into new markets, dealing with third parties or business acquisitions.

Internal audit can conduct a gap analysis of the organization’s existing anti-bribery and corruption procedures in comparison to leading practices. In addition, internal audit could enhance return on investment by embedding anti-bribery and corruption procedures into its existing/scheduled audits. As a consequence, IA needs expertise in, for example, performing cross-border bribery and corruption investigations, and should have an understanding of the organization’s governance structure and ethical framework.

3 Management of third-party relationships

Third-party relationships expose organizations to new risks and potential compliance failures. Compliance failures may occur due to the complexity of the agreement itself or the business environment that the organization operates in. In addition, an increase in potential data security breaches and operations in areas of political uncertainty are some of the underlying risks.

In order to mitigate these risks, organizations need to implement controls:

Increasing oversight

Enhancing cost reduction

Improving contract governance

IA can help by, for example, reviewing third-party selection and due diligence processes or monitoring regulatory developments related to third parties.

For more information on the top 16 risks in 2017 and 2018, read the publication Key Risks for Internal Audit.